Azure Write Permissions: Automate Actions Safely

Overview

This guide explains how to configure selective write permissions for your Azure cloud account, allowing Spotto to perform specific automated actions on your behalf.

What Are Write Permissions?

By default, Spotto operates with read-only access to analyze your Azure environment and provide recommendations. Write permissions enable Spotto to take selective automated actions based on your choices, such as:

• Dismissing Azure Advisor recommendations when you dismiss them in Spotto
• Storage inventory write provisioning (future scope)
• Additional automations (coming soon)

Each write permission is:

• Optional - You choose exactly which actions to enable
• Granular - Enable only the specific permissions you need
• Secure - Uses Azure's built-in RBAC (Role-Based Access Control)
• Revocable - Can be disabled at any time

Why Use Write Permissions?

Write permissions streamline your workflow by:

• Reducing manual work - No need to manually sync actions between Spotto and Azure
• Ensuring consistency - Changes in Spotto are automatically reflected in Azure
• Saving time - Automate repetitive tasks across multiple resources
• Maintaining control - You decide exactly what Spotto can do
• Flexible security - Choose between same credentials (simpler) or separate credentials (more secure)

info

Write permissions are entirely optional. Spotto continues to work with read-only access if you prefer to make all changes manually in Azure.

Prerequisites

Before enabling write permissions, you must:

1. Have an Azure cloud account registered in Spotto
2. Have appropriate Azure permissions to assign roles (Owner or User Access Administrator)
3. Decide whether to use the same credentials or separate credentials (see Configuration)

tip

For enhanced security, we recommend using separate credentials for write operations. However, you can also use the same credentials for both read and write access if preferred.

Next Steps

• Configure Write Permissions - Set up write access credentials
• Dismiss Azure Advisor Recommendations - Enable auto-dismissal of recommendations
• Storage Inventory Access Model - Reader-only behavior and future write scope
• Azure Storage Inventory feature guide - Current setup and test connection flow
• Security Best Practices - Learn about credential management and monitoring
• Custom Roles for Least Privilege - Create custom Azure roles with minimal permissions
• Troubleshooting - Resolve common issues

For further assistance, please Contact Us.

Troubleshooting

Validation fails on first setup

What you're seeing: Spotto can’t validate your write access credential.
Likely causes:

• Credentials (tenant/app/secret) are wrong or incomplete.
• Roles were assigned at the wrong scope.
• Azure role propagation delay. How to fix:

1. Follow the Configuration steps to confirm each field.
2. Confirm role assignments are on the subscription, not a resource group.
3. Wait 5–10 minutes and validate again.